Category: Auditing » Host
Linux Security Auditing Tool
Linux Security Auditing Tool (LSAT) is a post-install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
Local Area Security Linux
Local Area Security has released the 0.4 MAIN of their 'live CD' security toolkit, which fits on a 185MB miniCD. It includes a full Fluxbox desktop and over 250 security-related tools encompassing pen testing, forensics, administration, monitoring, etc. Many additions and fixes have been made since the beta version, along with the addition of the 'toram' boot option, which allows it to be run entirely from RAM.
PingScan scans networks via ping for reachable hosts. It does DNS lookup and checks for correct forward/reverse entries. You can enter network addresses in CIDR notation or give start and end addresses.
Pidentd v3 is a much improved version of the original Ident daemon both in terms of speed, code quality and features. Features include multithreading, a "configure" script, startup autodetection, much clearer/rewritten C code, doesn't run as root after startup, has a configuration file and can be started from /etc/inittab (on systems using a SysV init).
Saint Jude, Linux Kernel Module
Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
sXid is an all in one suid/sgid monitoring program designed to be run from cron on a regular basis. Basically it tracks any changes in your s[ug]id files and folders. If there are any new ones, ones that aren't set any more, or they have changed bits or other modes then it reports the changes in an easy to read format via email or on the command line.
Data Thief is a "proof-of-concept" tool used to demonstrate to web administrators and developers how easy it is to steal data from a web application that is vulnerable to SQL Injection. Data Thief is designed to retrieve the data from a Microsoft SQL Server back-end behind a web application with a SQL Injection vulnerability. Once a SQL Injection vulnerability is identified, Data Thief does all the work of listing the linked servers, laying out the database schema, and actually selecting the data from a table in the application.
This is a very useful tool that lists the current processes in your Windows system and which ports they listen on. It is written to work on Windows NT and Windows 9x. There have been some stability problems on Windows 9x, but they seem to have been solved now. On Windows NT, inzider is unable to check processes that are started as services.
Apache Chunked Scanner
The Retina Apache Chunked Scanner is a tool created by eEye that is able to scan up to 254 IP addresses at once and determine if any are vulnerable to the recent Apache Chunked Encoding overflow. If an IP address is found to be vulnerable to the Apache Chunked Encoding attack, then the Retina Apache Chunked Scanner will flag the IP address. Administrators can then double-click on the IP address to be taken to a website with information on how to fix the vulnerability.
IPWatch will reconfigure your machine after an IP change by reinitializing the hostname, restarting the system logging facilities to use the new hostname, restarting your firewall, and updating your dynamic hostname (it supports yi.org, homepc.org, justlinux.com, dhs.org, dyndns.org, and dyndns.com). It will also restart your network if your machine loses connectivity. In both cases, email is sent with a full log of everything that's been done (including your new IP address).